We have created the virtual host on CentOS 8. The domain name was configured in noip.com. We are able to download the CSR certificate while we are uploading the certificate in the firewall. It shows as an R3 certificate. It doesn't have any CA name to get signed by an external authority; because of this issue, the certificate is only valid for the firewall device itself. We wouldn't be able to access the GP clients using this certificate. Kindly give some suggestions regarding this issue.
R3 is the intermediate CA currently used by LE.
Certificate files don't normally come with the trusted root cert.
[all trusted root certificates should only be provided by the OS and any such updates]
R3 chains to a trusted root.
If you have such a firewall in between your web servers and the Internet (especially a "web application firewall" or "WAF"), and you're having trouble getting or renewing a Let's Encrypt certificate, you should modify your firewall policies and enable acme-protocol connections from the Internet to your servers. The connections in question are only one specific portion of the ACME protocol, but this is apparently the term that Palo Alto now uses in its configuration to refer to them.
After doing the thing the quote said, run the ACME client on the webserver itself.
Supplemental information: there are no ports open.
$ nmap -Pn testpaloalto.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-06 01:18 UTC
Nmap scan report for testpaloalto.ddns.net (22.214.171.124)
Host is up.
All 1000 scanned ports on testpaloalto.ddns.net (126.96.36.199) are filtered
Nmap done: 1 IP address (1 host up) scanned in 202.05 seconds